Topics
Reimbursement
Home health agencies get half a percent pay increase
Home health agencies get half a percent pay increase
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
Two CFOs see promise of AI, but have yet to build a dedicated budget
Two CFOs see promise of AI, but have yet to build a dedicated budget
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Hospital margins climb to 5.1% in September
Hospital margins climb to 5.1% in September
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Johns Hopkins Health Plans announces multi-payer portal
Johns Hopkins Health Plans announces multi-payer portal
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
$47.5 million grant allows Rutgers to turn lab discoveries into practical healthcare
Rutgers to promote 'translational' science with $47.5M grant
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Cleveland Clinic partnering with Cavaliers on new training center
Cleveland Clinic partnering with Cavs on new sports complex
Compliance & Legal
DOJ sues to block UnitedHealth's acquisition of Amedisys
DOJ sues to block UnitedHealth's acquisition of Amedisys
Policy and Legislation
AHA promotes healthcare navigators in letter to CMS
AHA promotes healthcare navigators in CMS letter
Community Benefit
Nonprofit hospitals' charity care falling behind tax breaks, report shows
Report: Hospitals' charity care falling behind tax breaks
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
MD Anderson launches new cancer research center
MD Anderson launches new cancer research center
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Elevance Health 'considering options' following star ratings hit
Elevance Health 'considering options' following star ratings hit
Patient Engagement
Patients see narrow networks in ACA marketplace plans, KFF finds
KFF: Patients see narrow networks in ACA marketplace plans
Pharmacy
CerpassRx, Waltz team on AI platform to manage specialty drug spend
CerpassRx, Waltz team on AI to manage specialty drug spend
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Teladoc posts $640.5 million in revenue, stresses virtual care improvement
Teladoc posts $640.5 million in revenue
Mergers & Acquisitions
Astrana Health to acquire Prospect providers, health plan
Astrana Health to acquire Prospect providers, health plan
View more
Nov 03, 2023 More on Compliance & Legal

AHA sues OCR over rule regulating the use of online tracking technologies

OCR says the use of such tools violates HIPAA when the information collected includes protected health information. 

Susan Morse, Executive Editor

Photo: MoMo Productions/Getty Images

The American Hospital Association, the Texas Hospital Association and nonprofit health systems Texas Health Resource and the United Regional Health Care System are suing the federal government over a rule prohibiting the use of online tracking technologies on providers' public web pages.

The lawsuit against the Office for Civil Rights, Department of Health and Human Services, was filed Thursday in the U.S. District Court for the Northern District of Texas.

It challenges a December 2022 bulletin issued by the HHS Office for Civil Rights entitled "Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates." The bulletin bars hospitals from using standard third-party web technologies that capture IP addresses on portions of hospitals' public-facing web pages. 

Tracking technologies collect information and track users in various ways, many of which are not apparent to the website or mobile app user, OCR said in the bulletin. Websites commonly use tracking technologies such as cookies, web beacons or tracking pixels, session replay scripts and fingerprinting scripts to track and collect information from users. 

Insights gained through tracking could be used in beneficial ways to help improve care or the patient experience, OCR said. However, this tracking information could also be misused to promote misinformation, identity theft, stalking and harassment, OCR said.

The HIPAA Rules apply when the information that regulated entities collect through tracking technologies or disclose to tracking technology vendors includes protected health information, OCR said. 

The AHA claims that information sharing is vital and that hospitals and health systems use third-party technologies to enhance their websites. It prevents hospitals from using commonplace web technologies to analyze use of their websites and communicate effectively with the populations they serve.

For example, the AHA said that, under HHS' new rule, if someone visited a hospital website on behalf of her elderly neighbor to learn more about Alzheimer's disease, a hospital's use of any third-party technology that captures an IP address from that visit would expose that hospital to federal enforcement actions and significant civil penalties.

WHY THIS MATTERS

The AHA claims the bulletin was a "bolt-from-the-blue." 

The AHA and other plaintiffs are asking the court to stop enforcement of the bulletin's mandates.

The bulletin was issued without consulting healthcare providers.

Also, the government's own webpages use such technology, the AHA said. 

HHS' Medicare.gov, the Department of Defense Military Health System and Defense Health Agency, and various U.S. Veterans Health Administration sites continue to use these third-party technologies despite being covered entities under HIPAA. 

For example, forensic tools revealed that the Veterans Health Administration uses analytics and advertising tools on a wide range of sites, including online resources that describe the symptoms of post-traumatic stress disorder and point veterans to available treatment options, the AHA said. 

While dozens of hospitals across the country have received enforcement threats, and hospitals are currently under active investigation by OCR, the federal government has not halted its own use of these vital tools, the AHA said.

THE LARGER TREND

The bulletin was issued in December 2022.

In July 2023, OCR sent letters to approximately 130 hospital systems and telehealth providers warning them that the agency was "closely watching developments in this area." 

AHA, THA and Texas Health Resources have received such warning letters, according to the lawsuit.

Hospitals and other members of the AHA wish to use online technologies on Unauthenticated Public Webpages to collect and disclose what's called the "Proscribed Combination" of information to third-party technology vendors, but are refraining from doing so in various ways based on HHS's threat to enforce the bulletin, the AHA said.

They also want to employ analytic tools to improve website functionality by identifying and addressing areas in which community members struggle to find information, the AHA said. The bulletin stands in the way of using these tools, in part because many third-party technology vendors refuse to enter into a business associate agreement. 

ON THE RECORD

"The Department of Health and Human Services' new rule restricting the use of critical third-party technologies has real-world impacts on the public, who are now unable to access vital health information. In fact, these technologies are so essential that federal agencies themselves still use many of the same tools on their own webpages, including Medicare.gov, Tricare.mil, Health.mil, and various Veterans Health Administration sites. We cannot understand why HHS created this 'rule for thee but not for me,'" said Rick Pollack, AHA President and CEO.
 

Twitter: @SusanJMorse
Email the writer: SMorse@himss.org

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.